Instacart, the grocery delivery gig service, admitted that two employees retained from a third-party support vendor accessed more shopper profiles than they needed to complete their work. The company is now notifying 2,180 shoppers about the incident and promised to take swift action.
In a press release, Instacart explains that the two employees may have accessed data, including names, email addresses, telephone numbers, driver’s license numbers, and thumbnail images of the driver’s license. That’s certainly enough information to commit identity theft.
Instacart says it has tools to detect breaches like this, and that’s how the company discovered the issue. According to its forensic information, the employees don’t seem to have downloaded or digitally copied the data.
For its part, Instacart says it took swift action once it confirmed the employee’s misdeeds. As the company explains:
First, we immediately worked with our third-party support vendor to ensure that their two employees will never work on behalf of Instacart again. Second, we suspended work at this third-party support location and have since ceased local operations indefinitely.
Instacart went on to say it will implement a dedicated shopper support process for use by anyone who thinks their data was accessed by the employees, or for anyone with security-related questions.
Altogether, it’s not a great look for the company. But it’s a positive sign for Instacart that it caught the problem and put a stop to it, rather than finding out from a data leak.